Validation of packages before installation
The UEM Agent can validate packages before installation. The validation uses SHA-256 checksums, which are generated per package.
An option in the Agent Configuration defines whether the agent validates packages before installing them (Miscellaneous Settings -> Validate packages before installation).
The generation of the hashes and the creation of the corresponding PackageHashes.json file on the Empirum server is automated by a service. The file serves as a checkpoint for the UEM Agent to verify the downloaded package on a client.
Any time after you change the contents of a package, you have to prepare the package for validation. This is done in the Empirum Management Console.
The check is performed before the installation by comparing the hash value generated on the server with the hash value generated locally on the client.
If the validation of the packages via hash is activated, the result of the validation can be viewed in the SWDepot log of the EMC under the mode "Validation Status".
Starting with UEM Agent version 2509.1.2, the setting "Validate packages before installation" also controls which file is used to check for package changes. If package validation is active, the _Matrix42FileInfo.json file is used as the check file, even if a different file is specified in the package properties. This ensures that every changed file in the package is detected by the UEM Agent, provided that the package validation preparation was started afterwards.
Effect of failed package validation
If the package validation detects a difference between the hash values on the server and on the client, the FailedInstallationRetries counter is incremented for this package. This behavior can be controlled specifically with the CountHashValidationErrors key as DWORD.
- If the key exists and has a value other than "1", the counter is not incremented.
- If the key does not exist or has the value "1", the counter is incremented.
Example call for a behavior change:
REG ADD HKLM\SOFTWARE\MATRIX42\AGENT /v CountHashValidationErrors /t REG_DWORD /d 1 /f
Observing the sequence
The UEM Agent processes its package list in order. If a package in that list fails validation, none of the subsequent packages are executed until the validation of that package is positive.
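The counter rule and the sequence rule described above can be combined into a small model. This is an added example, not Matrix42 code: the function names, the package names and the hash dictionary (a stand-in for PackageHashes.json, whose real layout this page does not show) are assumptions, as is the premise that the queue stops regardless of the CountHashValidationErrors value.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def counts_validation_errors(reg_value):
    """CountHashValidationErrors: key missing (None) or 1 means 'count'."""
    return reg_value is None or reg_value == 1

def process_queue(queue, server_hashes, reg_value=None):
    """Model of one agent run over an ordered package list.

    queue:         ordered list of (name, bytes as downloaded on the client)
    server_hashes: name -> SHA-256 hex generated on the server
    reg_value:     CountHashValidationErrors DWORD, or None if the key is absent
    Returns (installed, failed, skipped, retries).
    """
    installed, failed, skipped, retries = [], None, [], {}
    for index, (name, data) in enumerate(queue):
        # Assumption: a package without a server-side hash counts as failed.
        if sha256_hex(data) == server_hashes.get(name):
            installed.append(name)
            continue
        failed = name
        if counts_validation_errors(reg_value):
            # Stands in for the package's FailedInstallationRetries counter.
            retries[name] = retries.get(name, 0) + 1
        # Everything after the failed package is not executed in this run.
        skipped = [n for n, _ in queue[index + 1:]]
        break
    return installed, failed, skipped, retries

# Constructed sample data: three packages, hashes prepared on the server.
ORIGINALS = {
    "7zip": b"7zip payload v1",
    "vlc": b"vlc payload v1",
    "putty": b"putty payload v1",
}
SERVER_HASHES = {name: sha256_hex(data) for name, data in ORIGINALS.items()}
# "vlc" was changed after the validation preparation ran.
DOWNLOADED = [
    ("7zip", ORIGINALS["7zip"]),
    ("vlc", b"vlc payload v1 (modified)"),
    ("putty", ORIGINALS["putty"]),
]

if __name__ == "__main__":
    for reg_value in (None, 1, 0):
        print(reg_value, process_queue(DOWNLOADED, SERVER_HASHES, reg_value))
```

With the value set to 0 the model still stops at "vlc", but nothing is recorded in the retry counter, so a monitoring rule that only watches FailedInstallationRetries would miss the failure; the "Validation Status" mode of the SWDepot log remains the place to look.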